SecurityTracker.com
Category:   Application (VPN)  >   GnuTLS
Vendors:   gnutls.org
GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
SecurityTracker Alert ID:  1029855
SecurityTracker URL:  http://securitytracker.com/id/1029855
CVE Reference:   CVE-2014-0092
Date:  Mar 3 2014
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to versions 3.1.22, 3.2.12
Description:   A vulnerability was reported in GnuTLS. A remote user can bypass certificate validation in certain cases.

A remote user can supply a specially crafted X.509 certificate that will cause GnuTLS to incorrectly report a successful verification.

Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team reported this vulnerability.

Impact:   A remote user can bypass certificate validation in certain cases.
Solution:   The vendor has issued a fix (3.1.22, 3.2.12).

A patch is also available for version 2.12.x.

The vendor's advisory is available at:

http://gnutls.org/security.html#GNUTLS-SA-2014-2

Vendor URL:  gnutls.org/security.html#GNUTLS-SA-2014-2
Cause:   Authentication error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 3 2014 (Red Hat Issues Fix) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 3 2014 (Red Hat Issues Fix) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Mar 12 2014 (Red Hat Issues Fix) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
Red Hat has issued a fix for Red Hat Enterprise Linux 5.3, 5.6, 5.9, 6.2, 6.3, and 6.4.
Apr 17 2014 (Oracle Issues Fix for Solaris) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
Oracle has issued a fix for Solaris 10 and 11.1.
Jun 11 2014 (Siemens Issues Advisory for Rugged Operating System on Linux) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
RuggedCom has issued an advisory for Rugged Operating System on Linux (RoX).
Sep 16 2014 (Oracle Issues Fix for Solaris) GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
Oracle has issued a fix for Solaris 10 and 11.1.




Copyright 2021, SecurityGlobal.net LLC